I have updated the Widgets Signature editors draft [1] according to
the following, please review the changes:
1) Added ABNF update
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0731.html
and
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0732.html
See section 1.2, 5.2, 5.3 and References
2) Added ds:Reference constraint
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0742.html
See section 5.1 and References.
3) Clarified and updated security considerations text
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0750.html
See section 8.
4) Misc editorial cleanup
http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0743.html
Security considerations as noted for 3, and clear editorial comments.
Throughout.
The following issues are still open (see message 743):
a) Remove "Only the first distributor signature MUST be processed." ?
I think I agree that Widgets Signature should be silent on this. if
so, where is this going to be noted?
Agreement to remove?
b) Remove DSAwithSHA1 requirement? Status of requirement R47 (Section
2)?
" Support for Multiple Signature Algorithms: DSA-SHA-1, RSA-SHA-1, DSA-
SHA-256 and RSA-SHA-256."
c) I suggest removing the restatement of algorithm requirements in
section 7.1 , specifically remove #5a and #5b.
Are there any other changes needed that we are aware of?
Thanks
regards, Frederick
Frederick Hirsch
Nokia
[1] http://dev.w3.org/2006/waf/widgets-digsig/
